Information Security Risk & Compliance Officer job at KT Rwanda Networks Ltd
New
Website :
Today
Linkedid Twitter Share on facebook
Information Security Risk & Compliance Officer
2026-07-09T21:37:20+00:00
KT Rwanda Networks Ltd
https://cdn.greatrwandajobs.com/jsjobsdata/data/employer/comp_2106/logo/KT%20Rwanda%20Networks%20Ltd.png
FULL_TIME
Kigali
Kigali
00000
Rwanda
Internet
Computer & IT, Business Operations
RWF
MONTH
2026-07-16T17:00:00+00:00
8

Role Summary:

The Information Security Risk & Compliance Officer drives the organization’s GRC programmes. You make sure security is well governed, risks are understood and managed, and the organization meets its legal, regulatory, and contractual obligations. You are the bridge between technical teams, management, and auditors, turning standards into clear policies and evidence.

Roles & Responsibilities:

  • Build and maintain the Information Security Management System (ISMS).
  • Write, review, and keep up to date security policies, standards, and procedures.
  • Report the organization’s risk and compliance posture to leadership with clear KPIs.
  • Plan and run risk assessments; identify, analyze, and prioritize risks.
  • Maintain the risk register and track treatment plans to completion.
  • Advise teams on controls needed to bring risks to an acceptable level.
  • Align the organization with standards and regulations (e.g. ISO/IEC 27001, NIST CSF, data protection laws, and local telecom and cybersecurity regulations issued by regulators such as RURA and the NCSA, among others).
  • Prepare for and support internal and external audits and certifications.
  • Audit the organization against the defined frameworks and run various assessments to verify and enforce regulatory obligations across all departments.
  • Manage findings, corrective actions, and evidence to closure.
  • Oversee third-party / vendor risk and compliance requirements.
  • Coordinate between IT, business units, legal / data protection, and auditors.
  • Support security awareness and training across the organization.
  • Establish and test business continuity and disaster-recovery arrangements (aligned with ISO 22301).
  • Coordinate security and privacy incident and breach reporting to regulators and authorities within required timelines.
  • Support data-protection activities, including data protection impact assessments (DPIAs) and records of processing.
  • Maintain the inventory and classification of information assets.
  • Monitor regulatory and standards changes and update the compliance programmes accordingly.
  • Oversee data protection, including records of processing, DPIAs, DSARs, and breach notifications.
  • Deliver security and role-based training among other policy bases awareness trainings.

Required Qualifications:

  • Having Bachelor’s Degree in Iinformation Technology, (IT) Security, Computer Science, Business Informatics, or a related field (Mandatory).
  • Professional certification such as ISO 27001 Lead Auditor / Implementer (Mandatory).
  • Certifications such as, CEH, CISA, CRISC, CISSP, GDPR, or CISM.
  • (Added advantage)

Required Experience:

  • 3+ years in information security governance, risk, and compliance (telecom or regulated industry preferred).
  • Good understanding of security standards and frameworks (e.g. ISO/IEC 2700x).
  • Understanding of local regulatory requirements, especially telecom and cybersecurity regulations issued by regulators such as RURA and the NCSA, among others, and the national data protection law.
  • Structured and analytical, able to work independently and manage multiple work streams.
  • Excellent documentation, report-writing, and communication skills; able to explain complex topics simply.
  • Experience with risk-assessment methodologies (e.g. ISO 27005).
  • Familiarity with data protection (GDPR) and regulatory frameworks (e.g. NIS2).
  • Experience preparing for audits and certifications.
  • Strong analytical skills and clear written and verbal communication
  • Build and maintain the Information Security Management System (ISMS).
  • Write, review, and keep up to date security policies, standards, and procedures.
  • Report the organization’s risk and compliance posture to leadership with clear KPIs.
  • Plan and run risk assessments; identify, analyze, and prioritize risks.
  • Maintain the risk register and track treatment plans to completion.
  • Advise teams on controls needed to bring risks to an acceptable level.
  • Align the organization with standards and regulations (e.g. ISO/IEC 27001, NIST CSF, data protection laws, and local telecom and cybersecurity regulations issued by regulators such as RURA and the NCSA, among others).
  • Prepare for and support internal and external audits and certifications.
  • Audit the organization against the defined frameworks and run various assessments to verify and enforce regulatory obligations across all departments.
  • Manage findings, corrective actions, and evidence to closure.
  • Oversee third-party / vendor risk and compliance requirements.
  • Coordinate between IT, business units, legal / data protection, and auditors.
  • Support security awareness and training across the organization.
  • Establish and test business continuity and disaster-recovery arrangements (aligned with ISO 22301).
  • Coordinate security and privacy incident and breach reporting to regulators and authorities within required timelines.
  • Support data-protection activities, including data protection impact assessments (DPIAs) and records of processing.
  • Maintain the inventory and classification of information assets.
  • Monitor regulatory and standards changes and update the compliance programmes accordingly.
  • Oversee data protection, including records of processing, DPIAs, DSARs, and breach notifications.
  • Deliver security and role-based training among other policy bases awareness trainings.
  • Good understanding of security standards and frameworks (e.g. ISO/IEC 2700x).
  • Understanding of local regulatory requirements, especially telecom and cybersecurity regulations issued by regulators such as RURA and the NCSA, among others, and the national data protection law.
  • Structured and analytical, able to work independently and manage multiple work streams.
  • Excellent documentation, report-writing, and communication skills; able to explain complex topics simply.
  • Experience with risk-assessment methodologies (e.g. ISO 27005).
  • Familiarity with data protection (GDPR) and regulatory frameworks (e.g. NIS2).
  • Strong analytical skills and clear written and verbal communication
  • Bachelor’s Degree in Information Technology, (IT) Security, Computer Science, Business Informatics, or a related field (Mandatory).
  • Professional certification such as ISO 27001 Lead Auditor / Implementer (Mandatory).
  • Certifications such as, CEH, CISA, CRISC, CISSP, GDPR, or CISM.
  • (Added advantage)
bachelor degree
36
JOB-6a501490be7e9

Vacancy title:
Information Security Risk & Compliance Officer

[Type: FULL_TIME, Industry: Internet, Category: Computer & IT, Business Operations]

Jobs at:
KT Rwanda Networks Ltd

Deadline of this Job:
Thursday, July 16 2026

Duty Station:
Kigali | Kigali

Summary
Date Posted: Thursday, July 9 2026, Base Salary: Not Disclosed

Similar Jobs in Rwanda
Learn more about KT Rwanda Networks Ltd
KT Rwanda Networks Ltd jobs in Rwanda

JOB DETAILS:

Role Summary:

The Information Security Risk & Compliance Officer drives the organization’s GRC programmes. You make sure security is well governed, risks are understood and managed, and the organization meets its legal, regulatory, and contractual obligations. You are the bridge between technical teams, management, and auditors, turning standards into clear policies and evidence.

Roles & Responsibilities:

  • Build and maintain the Information Security Management System (ISMS).
  • Write, review, and keep up to date security policies, standards, and procedures.
  • Report the organization’s risk and compliance posture to leadership with clear KPIs.
  • Plan and run risk assessments; identify, analyze, and prioritize risks.
  • Maintain the risk register and track treatment plans to completion.
  • Advise teams on controls needed to bring risks to an acceptable level.
  • Align the organization with standards and regulations (e.g. ISO/IEC 27001, NIST CSF, data protection laws, and local telecom and cybersecurity regulations issued by regulators such as RURA and the NCSA, among others).
  • Prepare for and support internal and external audits and certifications.
  • Audit the organization against the defined frameworks and run various assessments to verify and enforce regulatory obligations across all departments.
  • Manage findings, corrective actions, and evidence to closure.
  • Oversee third-party / vendor risk and compliance requirements.
  • Coordinate between IT, business units, legal / data protection, and auditors.
  • Support security awareness and training across the organization.
  • Establish and test business continuity and disaster-recovery arrangements (aligned with ISO 22301).
  • Coordinate security and privacy incident and breach reporting to regulators and authorities within required timelines.
  • Support data-protection activities, including data protection impact assessments (DPIAs) and records of processing.
  • Maintain the inventory and classification of information assets.
  • Monitor regulatory and standards changes and update the compliance programmes accordingly.
  • Oversee data protection, including records of processing, DPIAs, DSARs, and breach notifications.
  • Deliver security and role-based training among other policy bases awareness trainings.

Required Qualifications:

  • Having Bachelor’s Degree in Iinformation Technology, (IT) Security, Computer Science, Business Informatics, or a related field (Mandatory).
  • Professional certification such as ISO 27001 Lead Auditor / Implementer (Mandatory).
  • Certifications such as, CEH, CISA, CRISC, CISSP, GDPR, or CISM.
  • (Added advantage)

Required Experience:

  • 3+ years in information security governance, risk, and compliance (telecom or regulated industry preferred).
  • Good understanding of security standards and frameworks (e.g. ISO/IEC 2700x).
  • Understanding of local regulatory requirements, especially telecom and cybersecurity regulations issued by regulators such as RURA and the NCSA, among others, and the national data protection law.
  • Structured and analytical, able to work independently and manage multiple work streams.
  • Excellent documentation, report-writing, and communication skills; able to explain complex topics simply.
  • Experience with risk-assessment methodologies (e.g. ISO 27005).
  • Familiarity with data protection (GDPR) and regulatory frameworks (e.g. NIS2).
  • Experience preparing for audits and certifications.
  • Strong analytical skills and clear written and verbal communication

Work Hours: 8

Experience in Months: 36

Level of Education: bachelor degree

Job application procedure
Interested in applying for this job? Click here to submit your application now.

Interested candidates are required to submit the following documents:

  • A signed application letter addressed to the Chief Executive Officer (CEO) of KTRN.
  • A copy of notarized required academic degree
  • A copy of a valid National Identity Card (ID);
  • A criminal Record
  • An updated Curriculum Vitae (CV) including at least three (3) professional referees and their contact details;
  • Supporting documents demonstrating the required work experience.

All application documents must be combined into a single PDF file and submitted no later than 16th July 2026 at 5:00 PM.

Only shortlisted candidates shall be contacted.

KTRN Management

All Jobs | QUICK ALERT SUBSCRIPTION

Job Info
Job Category: Computer/ IT jobs in Rwanda
Job Type: Full-time
Deadline of this Job: Thursday, July 16 2026
Duty Station: Kigali | Kigali
Posted: 10-07-2026
No of Jobs: 1
Start Publishing: 09-07-2026
Stop Publishing (Put date of 2030): 10-10-2076
Apply Now
Notification Board

Join a Focused Community on job search to uncover both advertised and non-advertised jobs that you may not be aware of. A jobs WhatsApp Group Community can ensure that you know the opportunities happening around you and a jobs Facebook Group Community provides an opportunity to discuss with employers who need to fill urgent position. Click the links to join. You can view previously sent Email Alerts here incase you missed them and Subscribe so that you never miss out.

Caution: Never Pay Money in a Recruitment Process.

Some smart scams can trick you into paying for Psychometric Tests.